Deutsche Telekom Internet Outage Said to Be Due to Failed Botnet Attempt

Hundreds of thousands of Deutsche Telekom customers in Germany were hit on Sunday by network outages and a company executive blamed the disruptions on a failed hacking attempt to hijack consumer router devices for a wider Internet attack.

Deutsche Telekom said on Monday as many as 900,000, or about 4.5 percent of its 20 million fixed-line customers, suffered Internet outages starting on Sunday and continuing into Monday, when the number of affected users began to decline sharply.

Deutsche Telekom’s head of IT Security Thomas Thchersich told the newspaper Der Tagesspiegel that the outages appeared to be tied to a botched attempt to turn a sizeable number of customers’ routers into a part of the Mirai botnet.

“In the framework of the attack, it was attempted to turn the routers into a part of a botnet,” Tschersich told the Berlin newspaper, referring to the network devices customers use to connect to the Internet for phone, data and TV services.

Mirai is malicious software designed to turn network devices into remotely controlled “bots” that can be used to mount large-scale network attacks. Last month, hackers used it to unleash an attack using common devices like webcams and digital recorders to cut access to some of the world’s best known websites.

Telekom resells routers from more than a dozen mostly Asian suppliers under the brand Speedport. It offered firmware updates on Monday to three models, all of which are made by Taiwan’s Arcadyan Technology.

The German network operator will be reviewing their cooperation with Arcadyan following the outage, Tschersich told Tagesspiegel.

Arcadyan did not reply to an emailed request for comment.
The network monitoring site Allestoerungen.de (Breakdown)reported tens of thousands of complaints across Germany ranging from Berlin, Hamburg and Duesseldorf in the north to Frankfurt, Stuttgart and Munich in the south.

The site showed outages began to surge at 1400 GMT (7:30pm IST) on Sunday and peaked around 1600 GMT, then picked up again on Monday.

Telekom said on Monday its security measures appeared to be taking effect and the number of customers affected had declined to around 400,000 by 1200 GMT on Monday.

German security officials said the outages looked like the work of hackers, several government sources told Reuters.

The company suggested that users having connection problems unplug their router, wait 30 seconds and then restart their device. But if problems continued, the network operator advised them to disconnect their equipment from the network.